Description
Affected versions of uri-js is susceptible to a regular expression denial of service vulnerability when user input is sent to the .parse() method.
Recommendation
Update the uri-js package to the latest compatible version. Followings are version details:
- Affected version(s): < 3.0.0
- Patched version(s): 3.0.0
References
Related Issues
- Regular Expression Denial of Service in marked (GHSA-x5pg-88wf-qq4p) - CVE-2017-16114
- Regular Expression Denial of Service in slug - CVE-2017-16117
- Regular Expression Denial of Service in moment - CVE-2017-18214
- Regular Expression Denial of Service in string package - CVE-2017-16116
- Tags:
- npm
- uri-js
Anything's wrong? Let us know Last updated on April 22, 2024